Title: Deanonymizing Users of the SafeWeb Anonymizing Service
Authors: David Martin, Andrew Schulman
Date: Feb 11, 2002
Abstract
The SafeWeb anonymizing system has been lauded by the press and loved
by its users; self-described as "the most widely used online privacy
service in the world," it served over 3,000,000 page views per day at
its peak. SafeWeb was designed to defeat content blocking by
firewalls and to defeat Web server attempts to identify users, all
without degrading Web site behavior or requiring users to install
specialized software. In this article we describe how these
fundamentally incompatible requirements were realized in SafeWeb's
architecture, resulting in spectacular failure modes under simple
JavaScript attacks. These exploits allow adversaries to turn SafeWeb
into a weapon against its users, inflicting more damage on them than
would have been possible if they had never relied on SafeWeb
technology. By bringing these problems to light, we hope to remind
readers of the chasm that continues to separate popular and technical
notions of security.